Session ID Hijacking With Burp Suite | OverTheWire Natas Level 20
We covered OverTheWire Natas 19-20 level. In this level, the web application used an if statement to…
OWASP
Session ID Hijacking With Python | OverTheWire Natas 19-20
We covered OverTheWire Natas 19-20 level. This level was similar to the previous level but with the…
Using Burp Suite for Session Hijacking | OverTheWire Natas Level 18 – 19
We used Burp Suite to demonstrate an experiment on enumerating sessions IDs created using PHP language. The…
Time Based SQL Injection | OverTheWire Natas Level 17
We covered time based SQL injection using the sleep function. Time time based SQL injection relies in…
Bypassing SQL Filters Using Command Substitution | OverTheWire Natas Level 16
We covered OverTheWire Natas Level 16 CTF where we went over a blind SQL injection scenario that…
Blind SQL Injection With Python | OverTheWire Natas Level 15
We covered a scenario of blind SQL Injection where the web application accepts user input without sanitization…
SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14
We covered a scenario of a login form vulnerable to SQL injection vulnerability. The source code allowed…
Command Injection & SQL Injection | HackTheBox Looking glass & Sanitize | OWASP TOP 10
We covered Command Injection & SQL Injection which are in the OWASP TOP 10 list of vulnerabilities….
Broken Authentication | HTB OWASP TOP 10 – P2
We covered broken authentication, session hijacking and information disclosure as part of HTB OWASP TOP 10 track…
XML External Entity Injection | HackTheBox baby WAFfles order
We covered a simple demonstration of XML External Entity Injection vulnerability which is part of OWASP Top…
Fuzzing Web Applications with Wfuzz | HackTheBox baby todo or not todo
We covered Fuzzing Web Applications with Wfuzz specifically fuzzing API endpoints. This was part of HackTheBox OWASP…
Python Pickle Exploitation | HackTheBox OWASP Top 10 Baby Website Rick
We covered python pickle where we demonstrated the serialization and deserialization of python pickle objects. This was…
PHP Static-Eval Exploitation | HackTheBox Baby Breaking Grad
We covered basic white box penetration test by inspecting, analyzing and exploiting a web application source code…
Demonstrating XSS,RCE and PostgreSQL Exploitation | HackTheBox Red Cross
RedCross From HackTheBox was like a maze, with several different paths to achieve shell and root. We’ll…
File Upload Vulnerabilities P12 | OverTheWire Natas 13
We covered another file upload vulnerability where the vulnerable code contained a PHP function exif_imagetype to check…
File Upload Vulnerabilities P 11 | OverTheWire Natas Level 12
We covered a basic example of bypassing file upload filters by changing the extension. We used Burp…
PHP Session Hijacking With XOR Encrypion | OverTheWire War Games Natas Level 11
We covered a scenario of web application admin bypass by reverse engineering the PHP source code which…
TryHackMe OWASP Juice Shop | The Complete Guide
Introduction We covered broken authentication and SQL injection walkthrough as part of OWASP Juice Shop from TryHackMe….
Pickle Rick CTF TryHackMe | The Absolute Beginner Pentesting
Introduction We performed an Nmap scanning to enumerate open ports and we discovered an HTTP service which…
Exploiting Docker Container with E-Commerce Website | TryHackMe The Marketplace
Summary In this video walk-through, we demonstrated gaining root access to a docker container running a web…